On Thu, 29 Jan 2004, Jimmy Lim wrote:
..
> > # W32Doom/Novarg hack
> > /^UEsDBAoAAAAAA/ DISCARD
> > /^TVqQAAMAAAAEAAAA/ DISCARD
>
> I've tried that regexp body checks, but the /^UEsDBAoAAAAAA/ won't allow
> valid users to send zip attachment. I guess amavis-new+(any antivirus)
Yes you are right. :)
Right now after 3 days of 40+ load average on 4 smtp servers, I'm glad for
anything that will reduce the load.
Here's a better one (which I haven't tried yet).
/^RSLxwtYBDB6FCv8ybBcS0zp9VU5of3K4BXuwyehTM0RI9IrSjVuwP94xfn0wgOjouKWzGXHVk3qg$/
DISCARD VIRUS (sobig.f)
/^ZGUuDQ0KJAAAAAAAAAB\+i6hSOurGATrqxgE66sYBQfbKATvqxgG59sgBLerGAdL1zAEA6sYBWPXV$/
DISCARD VIRUS (W32/[EMAIL PROTECTED])
/AAAAAAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4g/
DISCARD VIRUS (W32/[EMAIL PROTECTED])
/^(UEsDBAoAAAAAA|ApIAUCZKAEAD\/bJpmiwQBPQl6AEAS85pmm7ZH8gqwAO4sKimaZqmoJiQiICapmmaeHBoYFhQzWCf)/
DISCARD VIRUS (W32/[EMAIL PROTECTED])
> is the best solution on this but this makes your postfix server consumes
> 100% resource of cpu and memory.
Yeah. That's why our clamav is turned off right now. Just working through
the queue...
---
Orlando Andico <[EMAIL PROTECTED]>
Mosaic Communications, Inc.
--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
